Analysis
max time kernel: 127s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26/12/2023, 04:56
Static task
static1: 1 signatures
Behavioral task
behavioral1: Sample 55fc6b76766067b7dea58927b860b5f1.dll, Resource win7-20231215-en, 1 signatures, 150 seconds
Behavioral task
behavioral2: Sample 55fc6b76766067b7dea58927b860b5f1.dll, Resource win10v2004-20231215-en, 2 signatures, 150 seconds
General
Target: 55fc6b76766067b7dea58927b860b5f1.dll
Size: 29KB
MD5: 55fc6b76766067b7dea58927b860b5f1
SHA1: f7f3c39987e530ec11368c5f60b0e61bcb464b56
SHA256: eb0094369f4ad2c243920643331f4e071288f2584a45369caeec67cdc91ccc7a
SHA512: baa5ad9fb5b62ba29dbc648d72ed2da134fafdaec80c2c9687e8893e4ff51b20566c0542e9b340d09e590dfb8bb3e43d6d203a58dcff0b1f32feea2d8b7ac794
SSDEEP: 768:4NgHF88Q9RIdkLuNxiWU9vBTjZGU9EliXQa2CoIwYm4nf:xHG9RIdtAD9pRGU9EliAa27fYm4nf
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
  pid: 5096, pid_target: 4908, Process: WerFault.exe, procid_target: 62
Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 4036 wrote to memory of 4908, pid: 4036, Process: rundll32.exe, procid_target: 62
  description: PID 4036 wrote to memory of 4908, pid: 4036, Process: rundll32.exe, procid_target: 62
  description: PID 4036 wrote to memory of 4908, pid: 4036, Process: rundll32.exe, procid_target: 62
Processes
C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\55fc6b76766067b7dea58927b860b5f1.dll,#1
  depth: 1, PID: 4036
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\55fc6b76766067b7dea58927b860b5f1.dll,#1
    depth: 2, PID: 4908
    C:\Windows\SysWOW64\WerFault.exe
      command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 548
      depth: 3, PID: 5096
      - Program crash
C:\Windows\SysWOW64\WerFault.exe
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4908 -ip 4908
  depth: 1, PID: 2872